As we turn the page on 2018, let’s reflect on some of the key privacy and cybersecurity issues that will continue to occupy our hearts and minds in 2019....more
1/4/2019
/ California Consumer Privacy Act (CCPA) ,
Carpenter v US ,
Cybersecurity ,
Data Breach ,
Data Security ,
Internet of Things ,
Marriott ,
Personally Identifiable Information ,
Popular ,
Regulatory Oversight ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes ,
Verizon ,
Yahoo!
The Pennsylvania Supreme Court has drastically changed the data breach litigation landscape by holding that an employer has a common law duty to use reasonable care to safeguard its employees' personal information stored on...more
11/28/2018
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Security ,
Economic Loss Doctrine ,
Employer Liability Issues ,
Employment Litigation ,
Identity Theft ,
Negligence ,
PA Supreme Court ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Reasonable Care
The U.S. Securities and Exchange Commission (SEC) has joined the government chorus in sounding the alarm about the rapid rise in "business email compromises" that are victimizing organizations across industry sectors....more
10/23/2018
/ Business E-Mail Compromise (BEC) ,
Cyber Attacks ,
Electronic Communications ,
Email ,
Fraud ,
Internal Controls ,
Popular ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Vulnerability Assessments
This month marks fifteen years of observing National Cyber Security Awareness Month (NSCAM) in October. The program was started way back in 2004, by the U.S. Department of Homeland Security and the National Cyber Security...more
The New York Department of Financial Services (“NYDFS”) has adopted a regulation that requires “consumer credit reporting agencies” (“CCRAs”) to register with the NYDFS, prohibits CCRAs from engaging in certain practices, and...more
Last week, the Office of the Comptroller of the Currency (“OCC”) published the Spring 2018 Semiannual Risk Perspective (the “Report”), which uses up-to-date data to identify risks to U.S. banks and measure their compliance...more
6/6/2018
/ Beneficial Owner ,
BSA/AML ,
Customer Due Diligence (CDD) ,
Cyber Threats ,
Cybersecurity ,
Financial Fraud ,
Fraud Prevention ,
Money Laundering ,
OCC ,
Popular ,
Risk Management ,
Third-Party Risk
South Carolina has become the first state to enact a version of the Insurance Data Security Model Law, which was drafted by the National Association of Insurance Commissioners (NAIC) in 2017. Governor Henry McMaster signed...more
5/21/2018
/ Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Incident Response Plans ,
Information Technology ,
Insurance Industry ,
NAIC ,
Popular ,
Risk Assessment ,
Risk Management ,
State and Local Government ,
Third-Party Service Provider
The fallout from the Yahoo data breaches continues to illustrate how cyberattacks thrust companies into the competing roles of crime victim, regulatory enforcement target and civil litigant. ...more
5/14/2018
/ Class Action ,
Criminal Conspiracy ,
Criminal Prosecution ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Enforcement Actions ,
Failure To Disclose ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Publicly-Traded Companies ,
Russia ,
Securities and Exchange Commission (SEC) ,
Securities Violations ,
Yahoo!
The U.S. Court of Appeals for the Seventh Circuit has reinstated a data breach class action filed against Barnes & Noble (B&N). The litigation, styled as Dieffenbach v. Barnes & Noble, Inc., now heads back to the U.S....more
4/16/2018
/ Article III ,
Barnes and Noble ,
Corporate Counsel ,
Data Breach ,
Debit and Credit Card Transactions ,
Economic Injuries ,
Federal Rule 12(b)(1) ,
Federal Rule 12(b)(6) ,
Hackers ,
Injury-in-Fact ,
Personally Identifiable Information ,
Point of Sale Terminals ,
Popular ,
Putative Class Actions ,
Reinstatement ,
Standing ,
State Data Breach Notification Statutes ,
UDAAP
Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018. The law will take effect on May 1, 2018....more
Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018.
...more
4/3/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
South Dakota has become the 49th State to enact a data breach notification law. South Dakota Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The law will take effect on July 1, 2018....more
3/23/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
The beleaguered law firm at the center of the international Panama Papers scandal – Mossack Fonseca – has announced that it is closing its doors. It offered no apologies....more
3/16/2018
/ Banking Sector ,
Beneficial Owner ,
Corruption ,
Criminal Investigations ,
Data Breach ,
Money Laundering ,
Mossack Fonseca ,
Offshore Funds ,
Panama Papers ,
Popular ,
Shell Corporations ,
Tax Haven ,
White Collar Crimes
The Pennsylvania Supreme Court recently issued a sweeping ruling “that accessing any information from a cell phone without a warrant” violates the Fourth Amendment to the United States Constitution. ...more
The U.S. Supreme Court heard oral arguments this morning in United States v. Microsoft, No. 17-2, which presents the question whether a United States court may issue a search warrant to a U.S.-based electronic communications...more
On February 21, 2018, the U.S. Securities and Exchange Commission approved the release of Interpretive Guidance relating to public company disclosures of cybersecurity risks and incidents. ...more
2/23/2018
/ Cyber Threats ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Form 8-K ,
Insider Trading ,
Interpretive Rule ,
Non-Public Information ,
Popular ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC)
Earlier this week, the Supreme Court of the United States denied certiorari in CareFirst v. Attias, a closely watched case that some thought provided the Court with an opportunity to clarify the standing analysis under Spokeo...more
2/22/2018
/ Article III ,
CareFirst ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Petition for Writ of Certiorari ,
Popular ,
Standing
The U.S. Supreme Court on Monday denied the petition for certiorari seeking review of the U.S. Court of Appeals for the Ninth Circuit's most recent decision in Spokeo v. Robins (Spokeo II), foregoing an opportunity to clarify...more
1/25/2018
/ Article III ,
Background Checks ,
CareFirst ,
Class Action ,
Data Breach ,
Fair Credit Reporting Act (FCRA) ,
Injury-in-Fact ,
Petition for Writ of Certiorari ,
Popular ,
SCOTUS ,
Spokeo v Robins ,
Standing
The State of Washington's Attorney General filed a complaint against Uber Technologies, Inc., (Uber) this week related to the 2016 hack that exposed the personal data of 57 million riders and drivers. The suit is the first...more
Influencer marketing is the popular practice of using individuals with large social media audiences—known as "influencers"—to advertise products and services through their social media accounts....more
10/4/2017
/ Advertising ,
Brand ,
Celebrity Endorsements ,
Disclosure Requirements ,
Endorsements ,
Facebook ,
Federal Trade Commission (FTC) ,
FTC Endorsement Guidelines ,
Influencers ,
Instagram ,
Marketing ,
Misrepresentation ,
Online Endorsements ,
Snapchat ,
Social Media ,
Twitter ,
Websites ,
YouTube
A global group of data privacy regulators has, for the first time, set forth data privacy and security guidance on the development of automated and connected-car technologies. ...more
In the span of just nine days, the U.S. Court of Appeals for the Eighth Circuit issued two rulings in class actions involving data breaches—one breach in 2013 at brokerage firm Scottrade and another in 2014 at grocery stores...more
9/5/2017
/ Article III ,
Breach of Contract ,
Brokerage Accounts ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Federal Rule 12(b)(6) ,
Grocery Stores ,
Hackers ,
Injury-in-Fact ,
Personally Identifiable Information ,
Popular ,
Scottrade ,
Standing
The Federal Trade Commission (FTC) this week announced a consent order with TaxSlayer, LLC, an online tax preparation services provider, to settle claims that the company violated the Gramm-Leach-Bliley Act (GLBA) Safeguards...more
Delaware has joined the growing list of states that have recently amended their data breach laws. With passage of the first significant amendments to its data breach law since 2005, Delaware continues a state-law trend of...more
The Maryland General Assembly recently amended the Maryland Personal Information Protection Act to expand the definition of personal information, provide a 45-day timeframe for providing notice of a breach, allow for...more